Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on November 09, 2018

Based on the recent Ontario cannabis store data breach it is our bold prediction that the cannabis industry will be the next biggest target for hackers and bad actors.

It's actually not that bold a prediction — it's common sense. Where there's lot of money there are many attempts to breach. And this is a major new growing industry.

Unfortunately, the headline above is going to be far too common unless the leaders of cannabis industry start taking technology seriously.

That's not to say at all that this is unusual. Unfortunately, like every other industry, technology is the last thing that everyone thinks about.

Why? Because technology is something that seems easily available. You can register a business, buy a computer, sign up for a website, get an email address from your website provider, sign up for storage, get an antivirus, all with very few steps. The problem is security isn't a given.

You bring on employee #1, 2 and 3 — and you already got computers for them, signed them with an email from your web service provider, and generally onboarded them.

This works until you have about 10 employees. Then, keeping track of it starts getting difficult. You find you don't have control, and security is a free-for-all. Sooner than you expect, that lack of control means people start signing up for services that are not corporate approved that may sound great in theory but with no one validating them it's only a matter of time until you're the one on the front page with a data breach.

On average, it takes 46 days to resolve a cyber attack at the cost of $21,555 per day. And it doesn’t end there. A loss of customers, dealing with law enforcement, regulatory fines, public relations nightmare is what follows.

All this could be avoided with one simple word: Standardization

The easiest way to manage security is to standardize.

  1. Standardize on the technologies you and your teams use
  2. Select technologies that integrate well with one another — have a single pane of glass to control permissions and deployment of various technologies.
  3. Proper document management and data classification process and policies
  4. Strategically plan and deploy security defences such as firewalls, antivirus protections, url filtering, etc. What and how you select is a strategic decision: not a technology decision
  5. Centralize your updates and patch management
  6. Educate your staff 

Security is not rocket science — as long as you think about it before it is too late.

CrucialLogics is a Microsoft Gold Partner with deep knowledge of the cybersecurity needs of companies of all sizes. Interested in learning more? We've compiled a collection of resources aimed at business leaders right here.

 Read more about this.

You may also like:

Security Cybercrime

4 Most Common Hacks Today and How to Mitigate Against Them

Cybercrime is on the rise around the world, and hackers are getting bolder and more sophisticated by the day. Companies ...

Security Microsoft

Augment Your Pentest with a Comprehensive Office 365 Assessment

While the Covid-19 crisis is “moving the world toward increased technological innovation and online collaboration,” acco...

Security Data Security Cybercrime

8 Protocols to Protect your IT Infrastructure and Prevent Data Leaks

This year, it's estimated that worldwide financial losses due to cybercrime will reach US$6 trillion. Data exfiltration,...